Blame - data/reports/GO-2021-0107.yaml - vulndb

blob: 9c0cea514b8e5996f8bf35f79547fb9cee45e19f [file] [log] [blame]

Tatiana Bradley	f1409b0	2023-05-24 14:02:12 -0400	[diff] [blame]	1	id: GO-2021-0107
Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	2	modules:
Tatiana Bradley	82175fd	2023-05-31 17:04:08 -0400	[diff] [blame^]	3	- module: github.com/ecnepsnai/web
				4	versions:
				5	- introduced: 1.4.0
				6	fixed: 1.5.2
				7	vulnerable_at: 1.5.1
				8	packages:
				9	- package: github.com/ecnepsnai/web
				10	symbols:
				11	- Server.socketHandler
				12	derived_symbols:
				13	- Server.Socket
Tatiana Bradley	7c92a88	2023-05-08 13:11:54 -0400	[diff] [blame]	14	summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
Roland Shoemaker	eb069dd	2021-07-15 13:05:23 -0700	[diff] [blame]	15	description: \|
Julie Qiu	04c3b9f	2022-08-29 22:22:51 -0400	[diff] [blame]	16	Web Sockets do not execute any AuthenticateMethod methods which may be set,
				17	leading to a nil pointer dereference if the returned UserData pointer is
				18	assumed to be non-nil, or authentication bypass.
				19
				20	This issue only affects WebSockets with an AuthenticateMethod hook.
				21	Request handlers that do not explicitly use WebSockets are not
				22	vulnerable.
Jonathan Amsterdam	49ef614	2022-02-10 08:53:15 -0500	[diff] [blame]	23	published: 2021-07-28T18:08:05Z
Tatiana Bradley	0cf3970	2022-07-28 13:53:54 -0400	[diff] [blame]	24	ghsas:
Tatiana Bradley	82175fd	2023-05-31 17:04:08 -0400	[diff] [blame^]	25	- GHSA-5gjg-jgh4-gppm
				26	- GHSA-jpgg-cp2x-qrw3
Damien Neil	00e94d7	2022-08-26 14:59:35 -0700	[diff] [blame]	27	references:
Tatiana Bradley	82175fd	2023-05-31 17:04:08 -0400	[diff] [blame^]	28	- fix: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	29	cve_metadata:
				30	id: CVE-2021-4236
				31	cwe: 'CWE-400: Uncontrolled Resource Consumption'